01-23-2018 02:43 AM
ACL to block everything other than DHCP and DNS
Hello,
I have configured a VLAN on our core switches to allow the use of a VDI solution, but what I want is for this particular VLAN not to be able to connect with anything else on the network other than DHCP and DNS from our DCs, which are on IPs 10.40.208.169 and 10.40.208.170, and I would like, if possible, to allow the Server VLAN, which is a 10.40.208.128/26 range, to be able to communicate into the VLAN but the clients not to be able to communicate out.
The VLAN is on a 10.77.0.0/16 range. I have created an extended ACL on the core switch but I cannot seem to get the correct permits and denies on the ACL to get what I need.
Any help would be helpful.
Thanks
Scott
- Tags:
- ACLs
01-23-2018 03:57 PM
Re: ACL to block everything other than DHCP and DNS
Bearing in mind ACLs aren't very good and you would be better off putting your VDI hosts in their own zone policed by a proper firewall, if you really want to try this, you should have something like:
allow 10.77.0.0/16 --> 10.40.208.169 : UDP 53,67,68
deny 10.77.0.0/16 --> 0.0.0.0/0
interface vlan 77
ip address 10.77.0.1
apply acl (name) in
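Added example, not from the thread: a small first-match ACL evaluator in Python that checks the policy sketched in the reply above against a few constructed packets. The rule sets, the packet addresses and the 10.40.208.130 server address are assumptions built from the ranges given in the question; the real switch syntax depends on the platform.

```python
from ipaddress import ip_address, ip_network

def rule(action, src, dst, proto=None, dport=None):
    """One ACL entry. proto/dport of None match any protocol/port."""
    return (action, ip_network(src), ip_network(dst), proto, dport)

def evaluate(acl, pkt):
    """First matching entry wins; an implicit deny applies if nothing matches."""
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    for action, s, d, proto, dport in acl:
        if (src in s and dst in d
                and (proto is None or proto == pkt["proto"])
                and (dport is None or dport == pkt.get("dport"))):
            return action
    return "deny"

# Inbound ACL on the VDI VLAN interface, written as the reply above sketches it
# (only one DC listed, and only sources already inside 10.77.0.0/16).
REPLY_ACL = [
    rule("permit", "10.77.0.0/16", "10.40.208.169/32", "udp", 53),
    rule("permit", "10.77.0.0/16", "10.40.208.169/32", "udp", 67),
    rule("deny", "10.77.0.0/16", "0.0.0.0/0"),
]

# Same policy with the second DC added and the DHCP bootstrap case covered: a
# client with no lease yet sends DISCOVER from 0.0.0.0 to 255.255.255.255, which
# never matches a 10.77.0.0/16 source, so it needs its own permit entry.
FULL_ACL = [
    rule("permit", "0.0.0.0/32", "255.255.255.255/32", "udp", 67),
    rule("permit", "10.77.0.0/16", "10.40.208.169/32", "udp", 67),
    rule("permit", "10.77.0.0/16", "10.40.208.170/32", "udp", 67),
    rule("permit", "10.77.0.0/16", "10.40.208.169/32", "udp", 53),
    rule("permit", "10.77.0.0/16", "10.40.208.170/32", "udp", 53),
    rule("deny", "0.0.0.0/0", "0.0.0.0/0"),
]

# Constructed test packets (host addresses invented within the thread's ranges).
DHCP_DISCOVER = {"src": "0.0.0.0", "dst": "255.255.255.255", "proto": "udp", "dport": 67}
DNS_TO_DC1 = {"src": "10.77.1.20", "dst": "10.40.208.169", "proto": "udp", "dport": 53}
DNS_TO_DC2 = {"src": "10.77.1.20", "dst": "10.40.208.170", "proto": "udp", "dport": 53}
SMB_TO_SERVER = {"src": "10.77.1.20", "dst": "10.40.208.130", "proto": "tcp", "dport": 445}

if __name__ == "__main__":
    for name, pkt in [("DHCP DISCOVER", DHCP_DISCOVER), ("DNS to DC2", DNS_TO_DC2),
                      ("SMB to server VLAN", SMB_TO_SERVER)]:
        print(f"{name:20} reply ACL: {evaluate(REPLY_ACL, pkt):6}  "
              f"full ACL: {evaluate(FULL_ACL, pkt)}")
```

Because the list is stateless, replies from VDI desktops to sessions that the Server VLAN opened are also dropped by this inbound ACL unless a return-traffic entry is added, which is the reason the reply above prefers a stateful firewall.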
01-23-2018 11:21 PM
Re: ACL to block everything other than DHCP and DNS
Thank you Vince for your reply,
I am building this VDI solution into an RDS solution, so I do need some functionality to the network. These VDI desktops won't be going out to the internet, so I need to try and sort the access via the switches.
Scott